Cyber Consultant

The role holder:

The post holder will primarily act as the focal point and main point of contact on all Common Working Enviroment (CWE) cyber security matters for the FCAS AP programme whilst supporting the wider FCAS Cyber team generally.

The post holder will assist with the definition of Cyber Security requirements. This will include compliance with enterprise information security policies, MoD regulations and standards and Air’s cyber risk management and goverance process. They will contribute to an effective Cyber Security culture in support of business objectives. Monitoring and engaging with the project teams, partners, and the customer on relevant standards and frameworks.

Initiate and influence relationships with and between key stakeholders. Support the development of processes to manage and monitor Cyber Security threats and risks in accordance with programme Cyber security risk appetite, reporting threats and recommending risk mitigation to stakeholders.

Contribute to policy and procedures across the overall Cyber Security programme and project work. Apply their in depth knowledge and experience of cyber controls to enable the safeguarding of information assets against accidental or unauthorised access, modification, destruction or disclosure. Help drive innovation in Cyber security solutions for the project.

Promote a positive culture of information security and awareness and manage information security policies, standards, procedures and methods necessary to implement the strategy. Assist with the promotion, development, acquisition and implementation of information security enhancements to business IT infrastructure and technology to support wider business processes.  

Contribute to the necessary program and project cyber security support in line with business needs and strategic direction. Contribute to Cyber security strategies to achieve business information security risk appetite and monitor progress.

Core Duties

• Working with the Head of Cyber Programmes and Projects, provide SME knowledge to the projects and programme, on cyber security ensuring alignment to Corporate Information Security activities. Act as the focal point and main point of contact on all Common Working Enviroment (CWE) cyber security matters for the FCAS AP programme. Work with IT architects to develop secure architectural solutions. Support the accreditation of the FCAS-AP CWEs. Drive innovative and proactive Cyber Security across the FCAS AP projects and programme. Contribute to the development, deployment and communication of the Cyber Security strategies throughout the FCAS AP programme and projects. Understand the needs of the FCAS AP programme and projects to inform the Cyber Security strategy, policies and processes to ensure the safeguard of project and programme information and assets in accordance with risk appetite, regulations and goverance requirements Support Working Groups across FCAS AP, develop management reporting and Cyber Security reporting. Establish and maintain relationships across FCAS AP stakeholders. Act as a Cyber Security SME for the FCAS AP. Ensure understanding of risks, controls, ownership and accountability. Ensure that Cyber security and Cyber Resilience is an intergral part of all FCAS AP project work.

Competencies

• Knowledge of external Information Security Standards, such as NIST 800, SO 27001 etc. In depth knowledge and experience of cyber controls (covering cloud, hybrid and traditional on premise environments) and associated architectural solutions. Experince and knowledge of implementing UK Government approved encryption. Degree in IT or Computing relating subject (desirable but not essential). Ideally 5 - 8 years in a Cyber or IT Security role.  In-depth knowledge of MoD accreditation methods, standards and goverance. Broad experience in Cyber Security and Cyber Security management methodologies. Experience in conducting objective assurance reviews.

Behaviours

• The ability to think through broad, complex issues and to identify and summarise salient factors. Ability for pragmatic decision making and the ability to work with the business and find cost effective solutions and risk mitigation.
• The ability to identify alternative courses of action, assess their merits and produce robust risk mitigation plans.
• Excellent interpersonal skills and a high level of integrity and discretion to manage potentially sensitive incidents and investigations with internal and external stakeholders. Highly motivated and self-disciplined, with the ability to work autonomously. Strong communication skills with the ability to communicate complex subjects to a variety of audiences, pulling out key issues and decision points.